psp changes for kube-state-metrics

2022-12-19 18:01:15 -08:00 · 2022-12-19 18:01:15 -08:00 · 3ea9286642
parent 2c1e0bd6bf
commit 3ea9286642
2 changed files with 34 additions and 0 deletions
--- a/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
+++ b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/podsecuritypolicy.yaml.patch
@ -0,0 +1,15 @@
+--- charts-original/templates/podsecuritypolicy.yaml
+++ charts/templates/podsecuritypolicy.yaml
+@@ -1,3 +1,4 @@
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+ {{- if .Values.podSecurityPolicy.enabled }}
+ apiVersion: policy/v1beta1
+ kind: PodSecurityPolicy
+@@ -36,4 +37,5 @@
+       - min: 1
+         max: 65535
+   readOnlyRootFilesystem: false
+-{{- end }}
+{{- end }}
+{{- end }}
+\ No newline at end of file
--- a/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch
+++ b/packages/rancher-monitoring/rancher-kube-state-metrics/generated-changes/patch/templates/psp-clusterrole.yaml.patch
@ -0,0 +1,19 @@
+--- charts-original/templates/psp-clusterrole.yaml
+++ charts/templates/psp-clusterrole.yaml
+@@ -8,12 +8,16 @@
+ rules:
+ {{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }}
+ {{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+ - apiGroups: ['policy']
+{{- end }}
+ {{- else }}
+ - apiGroups: ['extensions']
+ {{- end }}
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicies" }}
+   resources: ['podsecuritypolicies']
+   verbs:     ['use']
+   resourceNames:
+   - {{ template "kube-state-metrics.fullname" . }}
+{{- end }}
+ {{- end }}